This article describes Advanced Compliance for Zendesk.
This article includes the following sections:
- Health Insurance Portability and Accountability Act (HIPAA)
- About Advanced Compliance
- Zendesk services eligible for coverage by the BAA
About the Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) is a set of rules and regulations passed by the U.S. Congress designed to protect the privacy and security of individuals’ personal health information (PHI) and electronic personal health information (ePHI).
HIPAA applies to providers of health care, health plans, and health care clearinghouse services. These providers are required to handle patient personal health information (PHI/ePHI) in a way that meets defined security standards. When providers, known as covered entities, use third-party vendors or services where personal health information might be stored, those vendors or services, known as business associates, need to adhere to the HIPAA standards as well. This agreement is contractually defined in a Business Associate Agreement (BAA).
About Advanced Compliance
Because personal health information may exist within Zendesk service data, the Advanced Compliance feature helps you fulfill your HIPAA obligations. With Advanced Compliance, you have the ability to enter into a Business Associate Agreement (BAA) with Zendesk. Additionally, Zendesk will provide you with appropriate security configuration options to help safeguard protected health information (PHI).
With the purchase of Advanced Compliance, either directly or through the purchase of a plan that includes the Advanced Compliance functionality, Zendesk customers can sign Zendesk’s BAA. You can sign the BAA, via DocuSign, here: https://www.zendesk.com/company/business-associate-agreement/. Advanced Compliance and BAA only apply to features and functionality that are expressly stated to form part of the “Service” in the BAA. Additionally, Advanced Compliance and BAA do not apply to certain products, services, and features as further detailed in the BAA. For a list of covered and exempted services, see Zendesk Services eligible for coverage by the BAA, below. However, it is important to note that the information in the BAA overrides the information in this article, in the event of any conflict.
Zendesk services eligible for coverage by the BAA
For customers who have purchased the Advanced Security add-on, or the Advanced Compliance add-on, or are entitled to the Advanced Compliance add-on within their Zendesk Suite Service Plan, the following table shows the current list of HIPAA Enabled Subscription Plans and the applicable Services covered by the BAA under that Service Plan:
| HIPAA Enabled Subscription Plans | BAA Covered Services |
| Zendesk Suite Professional or Enterprise |
Support (Ticketing System Functionality) Guide (Help Center Functionality) Gather (Community Forum Functionality) Chat (Live Chat Functionality) and Zendesk messaging Explore (Analytics Functionality) Talk (Voice Functionality), excluding Text Sunshine Conversations within Zendesk Suite |
| Zendesk Enterprise Support (legacy plan) |
Support (Ticketing System Functionality) Guide (Help Center Functionality) Gather (Community Forum Functionality) Chat (Live Chat Functionality) and Zendesk messaging Explore (Analytics Functionality) |
| Zendesk Talk Enterprise, Professional, or Advanced (legacy plans) | Talk (Voice Functionality), excluding Text |
Any other Zendesk products or third party services (including legacy standalone Sunshine Conversations; integrations, including with social media messaging channels; or Marketplace applications) are not HIPAA-enabled. For additional exceptions see Exceptions to Advanced Security add-ons.
To review our security configuration requirements for HIPAA-enabled accounts, see Security configuration requirements for HIPAA-enabled accounts on Zendesk.
Zendesk security configurations may change from time-to-time due to changes in law and regulation and changes to the Zendesk Service. Zendesk recommends that you Follow this article to be apprised of any changes. For further security information, contact Zendesk Security.
For more information on HIPAA, refer to the attachments below or send email to Zendesk Security for more information regarding the specifics of Zendesk's HIPAA program.
2 Comments
So, just to be clear / confirm, there is no mobile-texting-to-helpdesk solution possible or available within the Zendesk ecosystem when conforming to the Zendesk HIPAA compliance requirements as stated here, correct? ( Eg. as described here: https://support.zendesk.com/hc/en-us/articles/4408823788314-Getting-started-with-Text )
Hey Reed! As stated in the article, at this time, the native Zendesk SMS and Text functionality is not covered by the BAA. Third-party integrations may be available that meet your compliance needs.
Please sign in to leave a comment.